huahaofeng
/
aspnetcore
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
199 Commits 1 Branch 0 Tags 251 MiB
Commit Graph

86 Commits

Author SHA1 Message Date
Nate McMaster aeab73f9f6 Upgrade to VS 2017 2017-01-30 14:21:37 -08:00
Kiran Challa cd4afdc083 [Fixes #116] Set 'no-store' also in Cache-Conrol header 2017-01-26 12:56:15 -08:00
Pranav K 5cb5178619 Updating to 4.4 CoreFx packages 2016-12-14 14:47:26 -08:00
Pranav K 687be28875 Updating versions to 1.2.0-* 2016-11-09 14:12:21 -08:00
Kiran Challa a5c0e505c1 Fix cookie from being set to empty pathbase 
Found with issue: https://github.com/aspnet/Mvc/issues/5512
 2016-11-08 12:25:18 -08:00
Kiran Challa 3fc090e2fe [Fixes #105] Disable caching when response uses antiforgery 2016-11-02 16:16:06 -07:00
Kiran Challa 08cb67b7e4 [Fixes #104] Expose cookie options via Antiforgery options 2016-11-02 11:03:23 -07:00
Pranav K c5c94d88c8 Updating to netcoreapp1.1 2016-10-13 11:11:20 -07:00
Pranav K 0d00259099 Revert "Updating to netcoreapp1.1" 
This reverts commit e191420cae.
 2016-10-12 16:07:12 -07:00
Pranav K e191420cae Updating to netcoreapp1.1 2016-10-12 13:44:46 -07:00
Pranav K fb8795e247 Updating partner package versions 2016-09-28 11:49:26 -07:00
Kiran Challa ad90db343c [Fixes #101] Cookie path is always / in IIS 2016-09-13 13:58:02 -07:00
Pranav K b086b5b165 Updating to Moq \ Castle.Core that does not require imports 2016-08-08 12:22:35 -07:00
Doug Bunting e9f26ec4b6 One build to rule them all 
- well, at least VS and command-line builds will share output
- part of aspnet/Coherence-Signed#277
 2016-07-06 21:43:13 -07:00
Pranav K d529378a46 Updating to RTM builds of dotnet-test-xunit and Moq 2016-06-29 12:32:06 -07:00
Pranav K dad4522ef3 Updating to dev versions 2016-06-16 10:39:00 -07:00
N. Taylor Mullen f0fc335cc0 Remove direct Microsoft.NETCore.Platforms dependency. 
- Microsoft.NETCore.App now pulls this package in.

aspnet/Coherence-Signed#344
 2016-06-13 15:29:57 -07:00
Cesar Blum Silveira dd86306ec6 Fix test pass. 2016-05-27 17:47:50 -07:00
Kiran Challa 3595452af7 Change priority for request token source lookup. Header token now takes priority over form field token. 2016-05-18 17:03:20 -07:00
Pranav K f65c3db6ef Merge branch 'release' into dev 2016-05-02 14:55:20 -07:00
Pranav K 05602d36db Fix build warnings 2016-05-02 11:27:05 -07:00
Pranav K 158754ec5e Merge branch 'release' into dev 2016-04-19 14:53:51 -07:00
Pranav K 9aad34e711 Use latest build of dotnet-test-xunit 2016-04-19 14:53:51 -07:00
Pavel Krymets 3f9ceee4b1 Merge branch 'release' into dev 2016-04-18 17:07:38 -07:00
Pavel Krymets a35e5a02c3 Bring Microsoft.NETCore.Platforms dependency back 2016-04-18 17:07:34 -07:00
Ryan Brandenburg eabe83a72d Prevent null-ref and log exceptions form Serializer 2016-04-18 15:55:27 -07:00
Ryan Brandenburg fd81151d31 Preserve X-Frame-Options if it was already set 2016-04-18 14:27:06 -07:00
Pavel Krymets 8570acbb73 Migrate tests, tools and samples to portable 2016-04-15 09:51:51 -07:00
Kiran Challa 330200874d Changed DNX451 references to NET451 2016-04-08 15:04:49 -07:00
Ryan Nowak 37c8f5de70 Revert "Add antiforgery middleware" 
This reverts commit 4629148519.
 2016-04-01 09:10:33 -07:00
Doug Bunting 65a2b8d25b React to HttpAbstractions namespace changes 
- aspnet/HttpAbstractions#549 and aspnet/HttpAbstractions#592
- clean up `using`s
 2016-03-30 16:13:12 -07:00
David Fowler c6f7a3434e Fixed build 2016-03-25 10:50:06 -07:00
ryanbrandenburg 94cefde3ec Make IAntiforgeryContextAccessor a Feature 2016-03-23 14:35:26 -07:00
jacalvar c237f8989a React to changes in DataProtection 2016-03-15 16:26:57 -07:00
Pranav K ddde171fcb Reacting to Hosting changes 2016-03-14 20:53:27 -07:00
Pranav K 162cb428cc Fixing CI build failure 
Removing unused npm references
 2016-03-12 09:45:03 -08:00
= fb28bacda1 Target net451 so functional tests execute with xunit runner on linux 2016-03-09 17:21:05 -08:00
John Luo 91b955e080 Update cookie name 2016-03-03 22:48:13 -08:00
Doug Bunting 260f1b7db9 Remove project name from output path 
- aspnet/Coherence-Signed#187
- remove `<RootNamespace>` settings but maintain other unique aspects e.g. `<DnxInvisibleContent ... />`
- in a few cases, standardize on VS version `14.0` and not something more specific
 2016-03-02 15:21:47 -08:00
N. Taylor Mullen f9b9dcd79b Transition to netstandard. 
- dotnet5.X => netstandard1.y (where y = x-1).
- DNXCore50 => netstandardapp1.5.
- Applied the same changes to ifdefs.
 2016-03-01 13:36:35 -08:00
Ryan Nowak 4629148519 [Design] Add antiforgery middleware 
This new middleware participates in authentication and acts as a filter
when the request doesn't include a valid CSRF token for a POST.

Any authentication middleware that you want to validate an antiforgery
token should go ahead of this middleware in the pipeline (Cookies,
IISIntegration). This also takes care of automatic auth (Windows) done by
weblistener.

Any authentication middleware that you want to ignore antiforgery should
go after this middleware in the pipeline.

To facilitate this, there are a few changes in the antiforgery API
surface. Namely we can now pass in a principal to validate tokens. You
can't pass in a principal to generate tokens - we expect you to be logged
in at that poing. Also, ValidateRequestAsync(...) now checks the HTTP verb
and won't validate GETs and such.
 2016-02-24 15:04:09 -08:00
Ajay Bhargav Baaskaran 220479c1a1 [Fixes #30] Updated UID generation in DefaultClaimUidExtractor 2016-02-16 10:14:52 -08:00
Ryan Nowak ac107b5371 Make IsRequestValid check HTTP method 
This code was popping up everywhere this method is called. Seems bad to
duplicate it. Really what the caller wants to know is 'is the request
valid or a potential CSRF exploit?'. This gets the API closer to that.
 2016-02-12 16:52:25 -08:00
Kiran Challa 668b67170f Enable tests to run in donet xunit runner 2016-02-09 21:50:19 -08:00
Doug Bunting c85badcf71 Fix bad merge 
- not exactly logging at the right spot in `GetAndStoreTokens()`
- test helpers were creating two separate `ServiceCollections`
 - also didn't compile!
 2016-02-09 16:43:01 -08:00
Doug Bunting 73695fc443 Serialize cookie token at most once 
- #23 part 3
- `Get[AndStore]Tokens()` would deserialize cookie token from request even if `IsRequestValidAsync()` already had
- `GetAndStoreTokens()` serialized an old (never saved) cookie token once and a new one twice

- refactor serialization from `DefaultAntiforgeryTokenStore` to `DefaultAntiforgery`
 - divide responsibilities and ease overall fix
- above refactoring took `IAntiforgeryContextAccessor` responsibilities along to `DefaultAntiforgery` as well
 - store all tokens in `IAntiforgeryContextAccessor` to avoid repeated (de)serializations
 - remove `AntiforgeryTokenSetInternal`

nits:
- bit more parameter renaming to `httpContext`
- remove argument checks in helper methods
 - did _not_ do a sweep through the repo; just files in this PR
 2016-02-09 15:29:04 -08:00
ryanbrandenburg c8a9ecc0c1 * Add logging to Antiforgery 2016-02-09 09:27:51 -08:00
Doug Bunting 08cf13b870 Remove `ValidateTokens()` from `IAntiforgery` 
- `IAntiforgery` does not expose a way to get an invalid `AntiforgeryTokenSet`
 2016-02-05 12:16:10 -08:00
Ryan Nowak 33e3001d53 Remove GetHtml 
It's being moved to MVC
 2016-02-04 11:22:26 -08:00
Ryan Nowak 3a2d09b066 Move exceptions from the store to the facade 
My earlier change to add TryValidateRequestAsync didn't go far enough,
because the store will still throw when the tokens aren't present. This
change is to make the store just return null tokens in these cases, and
move the exceptions to DefaultAntiforgery.
 2016-02-04 11:11:45 -08:00